Age | Commit message (Collapse) | Author |
|
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
|
|
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
[auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
[channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
[kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
[monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
[servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
[uuencode.h xmalloc.c]
move #include <stdio.h> out of includes.h
|
|
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
[hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
[scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
[sshconnect1.c sshd.c xmalloc.c]
move #include <stdlib.h> out of includes.h
|
|
[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
[groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
[packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
[sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
[uidswap.c xmalloc.c]
move #include <sys/param.h> out of includes.h
|
|
fix compile error with -Werror -Wall: 'path' is only used in
do_setup_env() if HAVE_LOGIN_CAP is not defined
|
|
[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
[auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
[authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
[cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
[compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
[includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
[progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
[ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
move #include <string.h> out of includes.h
|
|
[auth1.c serverloop.c session.c sshconnect2.c]
missed some needed #include <unistd.h> when KERBEROS5=no; issue from
massimo@cedoc.mo.it
|
|
[servconf.c servconf.h session.c sshd.8 sshd_config sshd_config.5]
Add ForceCommand keyword to sshd_config, equivalent to the "command="
key option, man page entry and example in sshd_config.
Feedback & ok djm@, man page corrections & ok jmc@
|
|
[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
move #include <errno.h> out of includes.h; ok markus@
|
|
[clientloop.c ssh.1 ssh.c channels.c ssh_config.5 readconf.h session.c
channels.h readconf.c]
add ExitOnForwardFailure: terminate the connection if ssh(1)
cannot set up all requested dynamic, local, and remote port
forwardings. ok djm, dtucker, stevesk, jmc
|
|
[monitor.c session.c]
missed these from last commit:
move #include <sys/socket.h> out of includes.h
|
|
[authfd.c canohost.c clientloop.c dns.c dns.h includes.h]
[monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c]
[ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h]
move #include <sys/socket.h> out of includes.h
|
|
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
[auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
[auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
[monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
[session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
[ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
[uidswap.h]
move #include <pwd.h> out of includes.h; ok markus@
|
|
[servconf.c servconf.h session.c sshd_config.5]
support arguments to Subsystem commands; ok markus@
|
|
[channels.c includes.h]
move #include <arpa/inet.h> out of includes.h; old ok djm@
(portable needed session.c too)
|
|
[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
move #include <grp.h> out of includes.h
(portable needed uidswap.c too)
|
|
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
in Portable-only code; since calloc zeros, remove now-redundant memsets.
Also add a couple of sanity checks. With & ok djm@
|
|
[includes.h session.c sftp.c]
Switch from using pipes to socketpairs for communication between
sftp/scp and ssh, and between sshd and its subprocesses. This saves
a file descriptor per session and apparently makes userland ppp over
ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this
decision on a per-platform basis)
|
|
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
[openbsd-compat/port-linux.h] Add support for SELinux, setting
the execution and TTY contexts. based on patch from Daniel Walsh,
bz #880; ok dtucker@
|
|
[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
[auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
[auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
[buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
[cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
[deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
[kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
[mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
[monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
[readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
[session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
[sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c]
Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
Theo nuked - our scripts to sync -portable need them in the files
|
|
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
|
|
[channels.c monitor.c session.c session.h ssh-agent.c ssh-keygen.c]
[ssh-rsa.c ssh.c sshlogin.c]
annoying spacing fixes getting in the way of real diffs
|
|
[kex.c kex.h monitor.c myproposal.h session.c]
spacing
|
|
[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
[auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
[auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
[auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
[canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
[groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
[kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
[loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
[nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
[scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
[sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
[ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
[ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
[sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
[uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
[openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
[openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
[openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
[openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
RCSID() can die
|
|
[sftp-client.c ssh-keysign.c ssh.c sshconnect.c sshconnect2.c]
[sshd.c openbsd-compat/bsd-misc.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/glob.c openbsd-compat/mktemp.c]
[openbsd-compat/readpassphrase.c] Lots of include fixes for
OpenSolaris
|
|
[session.c]
fix logout recording when privilege separation is disabled, analysis and
patch from vinschen at redhat.com; tested by dtucker@ ok deraadt@
NB. ID sync only - patch already in portable
|
|
- stevesk@cvs.openbsd.org 2006/02/20 17:02:44
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
the previous was:
- stevesk@cvs.openbsd.org 2006/02/20 17:19:54
[auth-rhosts.c auth-rsa.c auth.c auth2-none.c auth2-pubkey.c]
[authfile.c clientloop.c includes.h readconf.c scp.c session.c]
[sftp-client.c sftp-common.c sftp-common.h sftp-glob.c]
[sftp-server.c sftp.c ssh-add.c ssh-keygen.c ssh.c sshconnect.c]
[sshconnect2.c sshd.c sshpty.c]
move #include <sys/stat.h> out of includes.h; ok markus@
|
|
[clientloop.c includes.h monitor.c progressmeter.c scp.c]
[serverloop.c session.c sftp.c ssh-agent.c ssh.c sshd.c]
move #include <signal.h> out of includes.h; ok markus@
|
|
[authfd.c channels.c includes.h session.c ssh-agent.c ssh.c]
move #include <sys/un.h> out of includes.h; ok djm@
|
|
[includes.h monitor.c readpass.c scp.c serverloop.c session.c^?]
[sftp.c sshconnect.c sshconnect2.c sshd.c]
move #include <sys/wait.h> out of includes.h; ok markus@
|
|
[auth.c clientloop.c includes.h misc.c monitor.c readpass.c]
[session.c sftp.c ssh-agent.c ssh-keysign.c ssh.c sshconnect.c]
[sshd.c sshpty.c]
move #include <paths.h> out of includes.h; ok markus@
|
|
post auth privsep disabled due to bug 1086 changes. Analysis and patch
by vinschen at redhat.com. OK tim@, dtucker@.
|
|
[session.c sshd.c]
eliminate some code duplicated in privsep and non-privsep paths, and
explicitly clear SIGALRM handler; "groovy" deraadt@
|
|
[ssh_config.5 session.c]
spelling: fowarding, fowarded
|
|
[channels.c channels.h session.c]
make sure protocol messages for internal channels are ignored.
allow adjust messages for non-open channels; with and ok djm@
|
|
[clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
[ssh.c sshconnect.c sshconnect1.c sshd.c]
no need to escape single quotes in comments, no binary change
|
|
[channels.c channels.h clientloop.c serverloop.c session.c]
fix regression I introduced in 4.2: X11 forwardings initiated after
a session has exited (e.g. "(sleep 5; xterm) &") would not start.
bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
|
|
enabled, instead allow PAM to handle it. Note that on platforms using PAM,
the pam_nologin module should be added to sshd's session stack in order to
maintain exising behaviour. Based on patch and discussion from t8m at
centrum.cz, ok djm@
|
|
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
Feedback and OK dtucker@
|
|
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
by tim@. Feedback and OK dtucker@
|
|
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
[sshconnect2.c sshd.c sshd_config sshd_config.5]
add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.
this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@
|
|
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
[cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
[serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
[sshconnect.c sshconnect2.c]
knf says that a 2nd level indent is four (not three or five) spaces
|
|
- djm@cvs.openbsd.org 2005/07/17 06:49:04
[channels.c channels.h session.c session.h]
Fix a number of X11 forwarding channel leaks:
1. Refuse multiple X11 forwarding requests on the same session
2. Clean up all listeners after a single_connection X11 forward, not just
the one that made the single connection
3. Destroy X11 listeners when the session owning them goes away
testing and ok dtucker@
|
|
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
[sshconnect.c]
spacing
|
|
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
|
|
|
|
UseLogin is set as PAM is not used to establish credentials in that
case. Found by Michael Selvesteen, ok djm@
|
|
events earlier, prevents mm_request_send errors reported by Matt Goebel.
|
|
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
|
|
the username to be passed to the passwd command when changing expired
passwords. ok djm@
|